HMX0101's DOOM Keygenme

Download doomkeygenme.zip, 292 kb (password: crackmes.de)

Rules are simple: make a keygen for this wicked keygenme :)
No patch. After you analyse it, you may probably ask if you missed something or if I am crazy.
I'm not crazy, you missed something, yea! :)

Greets fly out to: Numernia, Encrypto, Cyclops, pusher, everlast, Till.ch and all my other friends I forgot ;P

Difficulty: 4 - Needs special knowledge
Platform: Windows
Language: Borland Delphi

Published: 26. Aug, 2009
Downloads: 871

Solutions

Solution by redoC, published 05. nov, 2012; download (585 kb), password: crackmes.de or browse.

Discussion and comments

kao
25. Aug 2009
This is *the* earliest source for the Win32.Induc virus I was able to locate. @HMX0101: any ideas where you got it? Or was the virus a part of the challenge? ;)
cyclops
Moderator
25. Aug 2009
Oops. Seems like it is Induc, the one which infects the Delphi compiler and modifies the stub. Let's wait until HMX updates :)
HMX0101
Author
27. Aug 2009
Updated!.. I don't know how I got this virus.. but now it's fixed, enjoy it!.. And I hope it can be solved now that it is "virus-free" haha ;)
Zuma555
31. Aug 2009
I shall give this a try... I was kinda bored today :)
_pusher_
05. Sep 2009
What was the date for the file ? :)
HMX0101 Author of Induc... joking ;)
cyclops
Moderator
07. Sep 2009
If I remember correctly, it was late JAN 2009.
Induc was famous by early AUG, pretty old infection, indeed.
redoC
08. Oct 2012
new version uploaded? because ratio is still 21/43 on virustotal.com ... ???
HMX0101
Author
08. Oct 2012
IIRC I put some junk code which AV may detect keygenme as a virus.
redoC
30. Oct 2012
.....test...... can't post comment!
redoC
30. Oct 2012
I already passed the Serial test but need help with the Activation code. Maybe it's trivial but I can't find it. Here is the algo. Input numbers are ActNum1 and ActNum2:


N = EB56660B454CD2AD3E08749550EA70E1DE3D445962F157184BA3C5EB1E986CE90068AA8AD691EA8182B87D79F4156FFC1E1114C88E4A370D5AED2C2009DE924F
BigNum1 = E6654F628B1022EEBB36455E2B9A975E9ED67432749B8C9BE11378FDF75DEC26CE840E7F71182645BA156E50A84BE8057286CB56EFDD52BADC951AEF482A50DC
BigNum2 = 7402150D082ADE34CDFF9BB2D053C731DCCC46A97207036510E7D2FA48348B747A2903D79AF39BF0E7D6E19A868B94D3EED03C0B5572711EC3B8D70730254A3C
RSA1 = pow (BigNum1, ActNum2) mod N
RSA2 = pow (BigNum2, ActNum1) mod N
mul_val = (RSA1 * RSA2) mod N
md5_val = MD5 (strcat(UserName,SerialNum))

final condition:
md5_val + mul_val == ActNum1


SOME HINTS:
- modulus N is a prime
- this number is initialized but not used: C593BED83AEFB703F775EC8798FF398CF31FEDFF
... it can be used as one of the exponents
- I also found this 'secret' string:
"X=33008243F89B52F94BD1FBE5C18062CF71BCD6AB, Wow you found my priv. key.. now what's next? ;)"
Dcoder
01. Nov 2012
This is a custom signature scheme, as far as I can tell. Here's what's going on:

p = N
g = Bignum1
y = g^X = Bignum2
n = C593BED83AEFB703F775EC8798FF398CF31FEDFF = order of g

The scheme verifies that g^a y^b + H(m) = b. This is equal to g^(a + b*x) = b - H. To generate valid serials, you can:

- Set b = H(m) + 1
- Set a = n - (b*x mod n)

Note how b - H(m) is now 1, and so is g^(n - b*x + b*x (mod n)) = g^n = 1.
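
The check and construction described in the comment above, as an added example that is not part of the original thread or the keygenme's code. It uses constructed toy parameters (p = 23, g = 2 of prime order n = 11, x = 7) instead of the values posted in the thread, and assumes H(m) is the MD5 digest of username+serial read as a big-endian integer:

```python
import hashlib

# Constructed toy parameters (NOT the keygenme's values): g has prime order n mod p.
P, N_ORDER, G = 23, 11, 2
X = 7                  # private exponent; in the thread it was found inside the binary
Y = pow(G, X, P)       # public value y = g^x mod p

def h(user: str, serial: str) -> int:
    """H(m): MD5(username + serial) as an integer (big-endian is an assumption)."""
    digest = hashlib.md5((user + serial).encode()).digest()
    return int.from_bytes(digest, "big")

def verify(user, serial, a, b, p=P, g=G, y=Y):
    """The check as posted in the thread: (g^a * y^b mod p) + H(m) == b."""
    return (pow(g, a, p) * pow(y, b, p)) % p + h(user, serial) == b

def make_pair(user, serial, x=X, n=N_ORDER):
    """Construction from the comment: b = H(m) + 1, a = n - (b*x mod n)."""
    b = h(user, serial) + 1
    a = n - (b * x) % n
    return a, b

def exponent_residue(a, b, x=X, n=N_ORDER):
    """(a + b*x) mod n. Zero means g^a * y^b collapses to the identity, 1."""
    return (a + b * x) % n

if __name__ == "__main__":
    a, b = make_pair("alice", "1234")          # constructed sample input
    print("a =", a, "b - H(m) =", b - h("alice", "1234"))
    print("exponent residue:", exponent_residue(a, b))
    print("accepted:", verify("alice", "1234", a, b))
    print("accepted for another name:", verify("bob", "1234", a, b))
```

The pair is only computable with x, so the check is as strong as the secrecy of x; once x can be read out of the shipped binary, anyone can produce pairs the verifier accepts.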
redoC
01. Nov 2012
Dcoder, your description is too vague. Did you test your scheme and does it work?

- In line "Set a = n - (b*x mod n)" ...how to get x ?
- Secret private key 33008243F89B52F94BD1FBE5C18062CF71BCD6AB is not used?
tomkol
01. Nov 2012
To get x you need to calculate the modular inverse (x=b^-1 mod n). You can use the extended Euclidean algorithm for it.
redoC
02. Nov 2012
Yes, I got it!

"And now we are all doomed!"
HMX0101
Author
05. Nov 2012
Hey redoC, nice sol! and Dcoder good explanation :))
Btw, this was the crypto used:
http://en.wikipedia.org/wiki/Schnorr_signature

Keep up the good work! :)